We truncated the diff of some files because they were too big.
Changes of Revision 2
_service:tar_scm:p11-kit.spec
Changed
@@ -1,6 +1,6 @@ Name: p11-kit -Version: 0.24.0 -Release: 2 +Version: 0.24.1 +Release: 1 Summary: Provides a way to load and enumerate PKCS#11 modules. License: BSD URL: http://p11-glue.freedesktop.org/p11-kit.html @@ -130,6 +130,9 @@ %{_datadir}/bash-completion/completions/trust %changelog +* Sun Jan 29 2023 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 0.24.1-1 +- update to 0.24.1 + * Wed Jun 15 2022 duyiwei <duyiwei@kylinos.cn> - 0.24.0-2 - add subpackage server
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/p11-kit.git</param> - <param name="revision">30b8cc201bbb7f509c37caa903676b324acb71de</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
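Review bot: The `revision` parameter now tracks `master` instead of the pinned commit `30b8cc201bbb7f509c37caa903676b324acb71de`, so the source that `tar_scm` fetches can change between builds without any change to this file. Pin the revision to the commit that carries the 0.24.1 tarball so the build input stays reproducible and auditable.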
_service:tar_scm:p11-kit-0.24.0.tar.xz/ChangeLog -> _service:tar_scm:p11-kit-0.24.1.tar.xz/ChangeLog
Changed
@@ -1,5 +1,292 @@ # Generate automatically. Do not edit. +commit dd0590d4e583f107e3e9fafe9ed754149da335d0 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2022-01-17 + + Release 0.24.1 + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + NEWS | 7 +++++++ + configure.ac | 2 +- + meson.build | 2 +- + 3 files changed, 9 insertions(+), 2 deletions(-) + +commit 4589625f3038d85cada8555fc457ad30ca2bfd06 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-05-30 + + common: Support copying attribute array recursively + + This enables p11_attrs_build to build an attribute list with arrays of + attributes indicated with CKF_ARRAY_ATTRIBUTE. A couple of new + internal functions have been added: p11_attr_copy and p11_attr_clear. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + common/attrs.c | 80 +++++++++++++++++++++++++++++++++++++++++++++-------- + common/attrs.h | 3 ++ + common/test-attrs.c | 36 ++++++++++++++++++++++++ + 3 files changed, 107 insertions(+), 12 deletions(-) + +commit b9da18d6994b3a718248f59f1f080d4f6fe97b8c +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-06-01 + + common: Add assert_ptr_cmp + + 
Signed-off-by: Daiki Ueno <ueno@gnu.org> + + common/test.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +commit 9f01a8a45ba913a9b65894cef9369b6010005096 +Author: Eli Schwartz <eschwartz@archlinux.org> +Date: 2022-01-11 + + gtkdoc: remove dependencies on custom target files + + Sadly, the `dependencies` kwarg does not actually do what it seems to be + trying to be used for, here. It is for listing dependency or library + objects whose compiler flags should be added to gtkdoc-scangobj. + + It will not actually add ninja target dependencies. The similar kwarg in + other meson functions (e.g. genmarshal and compile_schemas) that *do* + allow adding target dependencies, is `depend_files`. + + Older versions of meson simply did nothing in an if/elif/elif block + where these custom_targets never matched anything, and were thus + silently ignored. + + Meson 0.61 type-validates the arguments and rejects CustomTarget as + invalid: + + ``` + doc/manual/meson.build:72:8: ERROR: gnome.gtkdoc keyword argument 'dependencies' was of type arrayCustomTarget | PkgConfigDependency but should have been arrayDependency | SharedLibrary | StaticLibrary + ``` + + Fixes #406 + + doc/manual/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit 04f85857b3029fd28c7c731aef89f61b22e846d3 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-11-26 + + doc: Replace occurrence of black list with blocklist + + This is a follow-up of 47fabc2366d917e255241c41a6cfc179af372644. + + 
Signed-off-by: Daiki Ueno <ueno@gnu.org> + + doc/manual/pkcs11.conf.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +commit fd7c4e7e9496a7b4b2a26430e8969f27fb38457e +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-10-16 + + build: Suppress cppcheck false-positive on array bounds + + Cppcheck 2.6 reports the following errors, when loops on arrays depend + on a sentinel: + + trust/builder.c:1103,error,arrayIndexOutOfBounds,Array 'schema->attrs32' accessed at index 9998, which is out of bounds. + trust/builder.c:1136,error,arrayIndexOutOfBounds,Array 'schema->attrs32' accessed at index 9998, which is out of bounds. + trust/builder.c:1301,error,arrayIndexOutOfBounds,Array 'ku_attribute_map8' accessed at index 9998, which is out of bounds. + trust/builder.c:1385,error,arrayIndexOutOfBounds,Array 'eku_attribute_map9' accessed at index 9998, which is out of bounds. + + This adds an extra check to those loop conditions. While it is + redundant, this should be harmless as it is not in the performance + critical path. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + trust/builder.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +commit 2d34226781e89c23cef13833a3db25b1d59d9b07 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-10-16 + + ci: Use Docker image from the same repository + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + .github/workflows/test.yaml | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +commit c643379626e6ea1d22ab406aafc0beed35b81ab3 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-10-16 + + ci: Integrate Docker image building to GitHub workflow + + 
Signed-off-by: Daiki Ueno <ueno@gnu.org> + + .github/workflows/build-image.yml | 39 +++++++++++++++++++++++++++++++++++++++ + ci/Dockerfile | 9 +++++++++ + 2 files changed, 48 insertions(+) + +commit 0bc75cae1057b03e3d790c741adf97ac9b4dbe92 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-09-18 + + rpc: Fallback to version 0 if server does not support negotiation + + Old servers without support for version negotiation cannot handle + version bytes other than 0 and will close the connection if a version + byte greater than 0 is received. This adds a fallback mechanism to + reconnect and reauthenticate with version 0 in that situation for + backward compatibility. + + Suggested by Owen Taylor. + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + p11-kit/rpc-client.c | 16 ++++++++++++++++ + p11-kit/rpc-transport.c | 2 +- + 2 files changed, 17 insertions(+), 1 deletion(-) + +commit fdf3f1f28b946ee737b55b4313f8a7f7a02143f3 +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-08-24 + + build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson + + Also expand the comment in configure.ac. + + 
Signed-off-by: Daiki Ueno <ueno@gnu.org> + + configure.ac | 7 ++++--- + p11-kit/meson.build | 6 ++++++ + 2 files changed, 10 insertions(+), 3 deletions(-) + +commit e850e03be65ed573d0b69ee0408e776c08fad8a3 +Author: Emmanuel Dreyfus <manu@netbsd.org> +Date: 2021-08-24 + + Link libp11-kit so that it cannot unload + + libp11-kit installs a pthread_atfork() callback to count forks. If the + library gets unloaded, a stale pointer is called on the next fork(), + leading to a crash. + + This fix adds -z nodelete linker flag so that libp11-kit cannot be + unloaded. Unfortunately, that only fixes the problem for GNU ld. + More additionnal flags will be required for other linkers. + + configure.ac | 13 +++++++++++++ + p11-kit/Makefile.am | 1 + + 2 files changed, 14 insertions(+) + +commit 509c1c949751c554e6244f2b42f1ce905e02f47d +Author: Daiki Ueno <ueno@gnu.org> +Date: 2021-07-22 + + trust: Use dngettext for plurals + + Suggested by Rafael Fontenelle in: + https://github.com/p11-glue/p11-kit/issues/380 + + Signed-off-by: Daiki Ueno <ueno@gnu.org> + + trust/anchor.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +commit 4769c479a3c41d68a293d007dd9e17a763001239
_service:tar_scm:p11-kit-0.24.0.tar.xz/Makefile.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/Makefile.in
Changed
@@ -1620,6 +1620,7 @@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LDFLAGS_Z_NODELETE = @LDFLAGS_Z_NODELETE@ LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ @@ -1907,8 +1908,9 @@ $(NULL) libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) -libp11_kit_la_LDFLAGS = -no-undefined -version-info \ - $(P11KIT_LT_RELEASE) $(am__append_3) $(am__append_4) +libp11_kit_la_LDFLAGS = $(LDFLAGS_Z_NODELETE) -no-undefined \ + -version-info $(P11KIT_LT_RELEASE) $(am__append_3) \ + $(am__append_4) libp11_kit_la_SOURCES = \ p11-kit/proxy.c p11-kit/proxy.h p11-kit/proxy-init.c \ p11-kit/rpc-server.c \
_service:tar_scm:p11-kit-0.24.0.tar.xz/NEWS -> _service:tar_scm:p11-kit-0.24.1.tar.xz/NEWS
Changed
@@ -1,3 +1,10 @@ +0.24.1 (stable) + * rpc: Support protocol version negotiation PR#371, PR#385 + * proxy: Support copying attribute array recursively PR#368 + * Link libp11-kit so that it cannot unload PR#383 + * Translation improvements PR#381 + * Build fixes PR#372, PR#373, PR#375, PR#377, PR#384, PR#407 + 0.24.0 (stable) * Use inclusive language on certificate distrust. Note: This changes the directory and attribute names to distrust certain CAs to
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/attrs.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/attrs.c
Changed
@@ -82,8 +82,9 @@ if (!attrs) return; - for (i = 0; !p11_attrs_terminator (ats + i); i++) - free (atsi.pValue); + for (i = 0; !p11_attrs_terminator (ats + i); i++) { + p11_attr_clear (&atsi); + } free (ats); } @@ -143,18 +144,17 @@ free (add->pValue); continue; - /* The attribute exitss, and we're overriding */ + /* The attribute exists but we're overriding */ } else { free (attr->pValue); } - memcpy (attr, add, sizeof (CK_ATTRIBUTE)); - if (!take_values && attr->pValue != NULL) { - if (attr->ulValueLen == 0) - attr->pValue = malloc (1); - else - attr->pValue = memdup (attr->pValue, attr->ulValueLen); - return_val_if_fail (attr->pValue != NULL, NULL); + if (take_values) { + memcpy (attr, add, sizeof (CK_ATTRIBUTE)); + } else { + if (!p11_attr_copy (attr, add)) { + return_val_if_reached (NULL); + } } } @@ -416,8 +416,9 @@ if (i == count) return false; - if (attrsi.pValue) - free (attrsi.pValue); + if (attrsi.pValue) { + p11_attr_clear (&attrsi); + } memmove (attrs + i, attrs + i + 1, (count - (i + 1)) * sizeof (CK_ATTRIBUTE)); attrscount - 1.type = CKA_INVALID; 
@@ -526,6 +527,61 @@ return hash; } +bool +p11_attr_copy (CK_ATTRIBUTE *dst, const CK_ATTRIBUTE *src) +{ + memcpy (dst, src, sizeof (CK_ATTRIBUTE)); + + if (!src->pValue) { + return true; + } + + if (src->ulValueLen == 0) { + dst->pValue = malloc (1); + } else { + dst->pValue = malloc (src->ulValueLen); + } + if (!dst->pValue) { + return_val_if_reached (false); + } + + assert (dst->ulValueLen >= src->ulValueLen); + + if (!IS_ATTRIBUTE_ARRAY (src)) { + memcpy (dst->pValue, src->pValue, src->ulValueLen); + } else { + CK_ATTRIBUTE *child_dst; + const CK_ATTRIBUTE *child_src; + size_t i; + + for (i = 0, child_dst = dst->pValue, child_src = src->pValue; + i < src->ulValueLen / sizeof (CK_ATTRIBUTE); + i++, child_dst++, child_src++) { + if (!p11_attr_copy (child_dst, child_src)) { + return_val_if_reached (false); + } + } + } + + return true; +} + +void +p11_attr_clear (CK_ATTRIBUTE *attr) +{ + if (IS_ATTRIBUTE_ARRAY (attr) && attr->pValue) { + CK_ATTRIBUTE *child; + size_t i; + + for (i = 0, child = attr->pValue; + i < attr->ulValueLen / sizeof (CK_ATTRIBUTE); + i++, child++) { + p11_attr_clear (child); + } + } + free (attr->pValue); +} + static void buffer_append_printf (p11_buffer *buffer, const char *format,
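Review bot: In `p11_attr_copy`, the array branch allocates `dst->pValue` with `malloc` and returns false on the first child that fails to copy, which leaves the buffer and the already-copied children allocated and the remaining child slots uninitialized, so the caller cannot safely hand `dst` to `p11_attr_clear`. Zero-initialize the array (for example with `calloc`) and clear `dst` on the failure path. The loop bound `src->ulValueLen / sizeof (CK_ATTRIBUTE)` also ignores a length that is not a multiple of the element size, and `assert (dst->ulValueLen >= src->ulValueLen)` can never fail because it follows the `memcpy` of the whole struct. In `p11_attrs_build`, the override branch still calls `free (attr->pValue)` rather than `p11_attr_clear (attr)`, so replacing an existing array attribute leaks its children.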
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/attrs.h -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/attrs.h
Changed
@@ -142,5 +142,8 @@ bool p11_attr_match_value (const CK_ATTRIBUTE *attr, const void *value, ssize_t length); +bool p11_attr_copy (CK_ATTRIBUTE *dst, + const CK_ATTRIBUTE *src); +void p11_attr_clear (CK_ATTRIBUTE *attr); #endif /* P11_ATTRS_H_ */
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/test-attrs.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/test-attrs.c
Changed
@@ -244,6 +244,41 @@ } static void +test_build_recursive (void) +{ + CK_BBOOL vtrue = CK_TRUE; + CK_BYTE vpoint1; + CK_ATTRIBUTE template = { + { CKA_LOCAL, &vtrue, sizeof (vtrue) }, + { CKA_EC_POINT, vpoint, 0 }, + }; + CK_ATTRIBUTE add = { CKA_WRAP_TEMPLATE, template, sizeof (template) }; + CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *array; + + attrs = p11_attrs_build (NULL, &add, NULL); + + /* Test the first attribute */ + assert_ptr_not_null (attrs); + assert_num_eq (attrs->type, CKA_WRAP_TEMPLATE); + assert_num_eq (attrs->ulValueLen, sizeof (template)); + array = attrs->pValue; + /* Check that the CKA_LOCAL attribute has been copied, but + * still has the same value */ + assert_num_eq (array0.type, CKA_LOCAL); + assert_num_eq (array0.ulValueLen, sizeof (vtrue)); + assert_ptr_cmp (array0.pValue, !=, &vtrue); + assert_num_eq (*(CK_BBOOL *)array0.pValue, vtrue); + /* Check that the CKA_EC_POINT attribute has been allocated, + * even if the length is zero */ + assert_num_eq (array1.type, CKA_EC_POINT); + assert_num_eq (array1.ulValueLen, 0); + assert_ptr_not_null (array1.pValue); + assert_ptr_cmp (array1.pValue, !=, vpoint); + p11_attrs_free (attrs); +} + +static void test_dup (void) { CK_ATTRIBUTE *attrs; @@ -766,6 +801,7 @@ p11_test (test_buildn_two, "/attrs/buildn-two"); p11_test (test_build_add, "/attrs/build-add"); p11_test (test_build_null, "/attrs/build-null"); + p11_test (test_build_recursive, "/attrs/build-recursive"); p11_test (test_dup, "/attrs/dup"); p11_test (test_take, "/attrs/take"); p11_test (test_merge_replace, "/attrs/merge-replace");
_service:tar_scm:p11-kit-0.24.0.tar.xz/common/test.h -> _service:tar_scm:p11-kit-0.24.1.tar.xz/common/test.h
Changed
@@ -97,13 +97,15 @@ } while (0) #define assert_str_eq(a1, a2) \ assert_str_cmp(a1, ==, a2) -#define assert_ptr_eq(a1, a2) \ +#define assert_ptr_cmp(a1, cmp, a2) \ do { const void *__p1 = (a1); \ const void *__p2 = (a2); \ - if (__p1 == __p2) ; else \ + if (__p1 cmp __p2) ; else \ p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (0x%08lx == 0x%08lx)", \ #a1, #a2, (unsigned long)(size_t)__p1, (unsigned long)(size_t)__p2); \ } while (0) +#define assert_ptr_eq(a1, a2) \ + assert_ptr_cmp(a1, ==, a2) #define assert_str_contains(expr, needle) \ do { const char *__str = (expr); \
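Review bot: `assert_ptr_cmp` takes the operator as `cmp`, but the failure message still hard-codes `==` in `"assertion failed (%s == %s): (0x%08lx == 0x%08lx)"`, so a failing `assert_ptr_cmp (a, !=, b)` reports the wrong condition. Pass the stringified operator `#cmp` into the message through a `%s` in both places.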
_service:tar_scm:p11-kit-0.24.0.tar.xz/config.h.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/config.h.in
Changed
@@ -217,6 +217,12 @@ /* Building for win32 */ #undef OS_WIN32 +/* Maximum RPC protocol version we support */ +#undef P11_RPC_PROTOCOL_VERSION_MAXIMUM + +/* Minimum RPC protocol version we support */ +#undef P11_RPC_PROTOCOL_VERSION_MINIMUM + /* the compiler keyword to define thread-local storage */ #undef P11_TLS_KEYWORD
_service:tar_scm:p11-kit-0.24.0.tar.xz/configure -> _service:tar_scm:p11-kit-0.24.1.tar.xz/configure
Changed
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for p11-kit 0.24.0. +# Generated by GNU Autoconf 2.69 for p11-kit 0.24.1. # # Report bugs to <https://github.com/p11-glue/p11-kit/issues>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='p11-kit' PACKAGE_TARNAME='p11-kit' -PACKAGE_VERSION='0.24.0' -PACKAGE_STRING='p11-kit 0.24.0' +PACKAGE_VERSION='0.24.1' +PACKAGE_STRING='p11-kit 0.24.1' PACKAGE_BUGREPORT='https://github.com/p11-glue/p11-kit/issues' PACKAGE_URL='https://p11-glue.github.io/p11-glue/p11-kit.html' @@ -712,6 +712,7 @@ PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG +LDFLAGS_Z_NODELETE HAVE_LD_VERSION_SCRIPT_FALSE HAVE_LD_VERSION_SCRIPT_TRUE LT_SYS_LIBRARY_PATH @@ -860,6 +861,8 @@ with_hash_impl enable_trust_module with_trust_paths +with_rpc_min +with_rpc_max with_html_dir enable_doc enable_doc_html @@ -1441,7 +1444,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures p11-kit 0.24.0 to adapt to many kinds of systems. +\`configure' configures p11-kit 0.24.1 to adapt to many kinds of systems. Usage: $0 OPTION... VAR=VALUE... @@ -1512,7 +1515,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of p11-kit 0.24.0:";; + short | recursive ) echo "Configuration of p11-kit 0.24.1:";; esac cat <<\_ACEOF @@ -1582,6 +1585,8 @@ input paths for trust module + --with-rpc-min Minimum RPC protocol version we support + --with-rpc-max Maximum RPC protocol version we support --with-html-dir=PATH path to installed docs --without-systemd Disable systemd socket activation --without-bash-completion 
@@ -1686,7 +1691,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -p11-kit configure 0.24.0 +p11-kit configure 0.24.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2395,7 +2400,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by p11-kit $as_me 0.24.0, which was +It was created by p11-kit $as_me 0.24.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2757,6 +2762,11 @@ P11KIT_AGE=3 # ------------------------------------------------------------------------------ +# p11-kit RPC protocol versions +P11KIT_RPC_MIN=0 +P11KIT_RPC_MAX=0 + +# ------------------------------------------------------------------------------ ac_config_headers="$ac_config_headers config.h" @@ -3277,7 +3287,7 @@ # Define the identity of the package. PACKAGE='p11-kit' - VERSION='0.24.0' + VERSION='0.24.1' cat >>confdefs.h <<_ACEOF @@ -12750,6 +12760,33 @@ +SAVE_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS -Wl,-z -Wl,nodelete" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether linker understands -z nodelete" >&5 +$as_echo_n "checking whether linker understands -z nodelete... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + LDFLAGS_Z_NODELETE="-Wl,-z -Wl,nodelete"; has_option=yes +else + LDFLAGS_Z_NODELETE=""; has_option=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $has_option" >&5 +$as_echo "$has_option" >&6; } +LDFLAGS="$SAVE_LDFLAGS" + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' 
@@ -17850,7 +17887,7 @@ $as_echo "disabled" >&6; } # Option was not set, try to detect -elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then +elif test "$with_trust_paths" = "" || test "$with_trust_paths" = "yes"; then with_trust_paths="" for f in /etc/pki/tls/certs/ca-bundle.crt \ /etc/ssl/certs/ca-certificates.crt \ @@ -17883,6 +17920,57 @@ # -------------------------------------------------------------------- +# RPC + + +# Check whether --with-rpc-min was given. +if test "${with_rpc_min+set}" = set; then : + withval=$with_rpc_min; rpc_min=$withval +else + rpc_min=$P11KIT_RPC_MIN +fi + + + +# Check whether --with-rpc-max was given. +if test "${with_rpc_max+set}" = set; then : + withval=$with_rpc_max; rpc_max=$withval +else + rpc_max=$P11KIT_RPC_MAX +fi + + +if test $rpc_min -lt $P11KIT_RPC_MIN || test $rpc_min -gt $P11KIT_RPC_MAX; then : + + as_fn_error $? "Out of range version specified with --with-rpc-min" "$LINENO" 5 + +fi + +if test $rpc_max -lt $P11KIT_RPC_MIN || test $rpc_max -gt $P11KIT_RPC_MAX; then : + + as_fn_error $? "Out of range version specified with --with-rpc-max" "$LINENO" 5 + +fi + +if test $rpc_min -gt $rpc_max; then : + + as_fn_error $? "Conflicting versions specified with --with-rpc-min and --with-rpc-max" "$LINENO" 5 + +fi + + +cat >>confdefs.h <<_ACEOF +#define P11_RPC_PROTOCOL_VERSION_MINIMUM $rpc_min +_ACEOF + + + +cat >>confdefs.h <<_ACEOF +#define P11_RPC_PROTOCOL_VERSION_MAXIMUM $rpc_max +_ACEOF + + +# --------------------------------------------------------------------
_service:tar_scm:p11-kit-0.24.0.tar.xz/configure.ac -> _service:tar_scm:p11-kit-0.24.1.tar.xz/configure.ac
Changed
@@ -1,7 +1,7 @@ AC_PREREQ(2.61) AC_INIT(p11-kit, - 0.24.0, + 0.24.1, https://github.com/p11-glue/p11-kit/issues, p11-kit, https://p11-glue.github.io/p11-glue/p11-kit.html) @@ -18,6 +18,11 @@ P11KIT_AGE=3 # ------------------------------------------------------------------------------ +# p11-kit RPC protocol versions +P11KIT_RPC_MIN=0 +P11KIT_RPC_MAX=0 + +# ------------------------------------------------------------------------------ AC_CONFIG_HEADERS(config.h) AC_CONFIG_MACRO_DIR(build/m4) @@ -39,6 +44,20 @@ dnl Check if -Wl,--version-script is supported by the linker gl_LD_VERSION_SCRIPT +dnl libp11-kit installs pthread_atfork to count forks in ELF +dnl constructor, which could cause crash if the library is unloaded. +dnl Use the linker flag "-z nodelete" to prevent unloading, if +dnl available. +SAVE_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS -Wl,-z -Wl,nodelete" +AC_MSG_CHECKING(whether linker understands -z nodelete) +AC_LINK_IFELSE(AC_LANG_PROGRAM(, ), + LDFLAGS_Z_NODELETE="-Wl,-z -Wl,nodelete"; has_option=yes, + LDFLAGS_Z_NODELETE=""; has_option=no) +AC_MSG_RESULT($has_option) +LDFLAGS="$SAVE_LDFLAGS" +AC_SUBST(LDFLAGS_Z_NODELETE) + dnl Checks for programs. AC_PROG_CC AC_PROG_CPP @@ -350,7 +369,7 @@ AC_MSG_RESULT(disabled) # Option was not set, try to detect -elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then +elif test "$with_trust_paths" = "" || test "$with_trust_paths" = "yes"; then with_trust_paths="" for f in /etc/pki/tls/certs/ca-bundle.crt \ /etc/ssl/certs/ca-certificates.crt \ 
@@ -377,6 +396,35 @@ AC_SUBST(with_trust_paths) # -------------------------------------------------------------------- +# RPC + +AC_ARG_WITH(rpc-min, + AS_HELP_STRING(--with-rpc-min, Minimum RPC protocol version we support), + rpc_min=$withval, + rpc_min=$P11KIT_RPC_MIN) + +AC_ARG_WITH(rpc-max, + AS_HELP_STRING(--with-rpc-max, Maximum RPC protocol version we support), + rpc_max=$withval, + rpc_max=$P11KIT_RPC_MAX) + +AS_IF(test $rpc_min -lt $P11KIT_RPC_MIN || test $rpc_min -gt $P11KIT_RPC_MAX, + AC_MSG_ERROR(Out of range version specified with --with-rpc-min) +) + +AS_IF(test $rpc_max -lt $P11KIT_RPC_MIN || test $rpc_max -gt $P11KIT_RPC_MAX, + AC_MSG_ERROR(Out of range version specified with --with-rpc-max) +) + +AS_IF(test $rpc_min -gt $rpc_max, + AC_MSG_ERROR(Conflicting versions specified with --with-rpc-min and --with-rpc-max) +) + +AC_DEFINE_UNQUOTED(P11_RPC_PROTOCOL_VERSION_MINIMUM, $rpc_min, Minimum RPC protocol version we support) + +AC_DEFINE_UNQUOTED(P11_RPC_PROTOCOL_VERSION_MAXIMUM, $rpc_max, Maximum RPC protocol version we support) + +# -------------------------------------------------------------------- # GTK Doc dnl check for tools @@ -642,4 +690,6 @@ Build trust module: $enable_trust_module Trust module paths: $trust_status + RPC protocol versions: $rpc_min upto $rpc_max + )
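Review bot: The range checks run `test $rpc_min -lt $P11KIT_RPC_MIN` on unquoted, unvalidated input, so a non-numeric value (a bare `--with-rpc-min` sets it to `yes`) makes each `test` exit with an error status instead of true, none of the `AC_MSG_ERROR` branches fire, and the string is written into `P11_RPC_PROTOCOL_VERSION_MINIMUM` by `AC_DEFINE_UNQUOTED`. Check that both values are non-negative integers before comparing them, and quote the expansions. The help strings would read better as `--with-rpc-min=VERSION`, and the summary line `$rpc_min upto $rpc_max` should say `up to`.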
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/Makefile.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/Makefile.in
Changed
@@ -241,6 +241,7 @@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LDFLAGS_Z_NODELETE = @LDFLAGS_Z_NODELETE@ LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/Makefile.in -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/Makefile.in
Changed
@@ -222,6 +222,7 @@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LDFLAGS_Z_NODELETE = @LDFLAGS_Z_NODELETE@ LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/html/index.html -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/html/index.html
Changed
@@ -14,7 +14,7 @@ <div class="titlepage"> <div> <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">p11-kit</p></th></tr></table></div> -<div><p class="releaseinfo">for p11-kit 0.24.0</p></div> +<div><p class="releaseinfo">for p11-kit 0.24.1</p></div> </div> <hr> </div>
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/html/pkcs11-conf.html -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/html/pkcs11-conf.html
Changed
@@ -163,7 +163,7 @@ <tr> <td><p><span class="term"><code class="option">trust-policy:</code></span></p></td> <td><p>Set to <code class="literal">yes</code> to use use this module as a source - of trust policy information such as certificate anchors and black lists.</p></td> + of trust policy information such as certificate anchors and blocklists.</p></td> </tr> <tr> <td><p><a name="option-log-calls"></a><span class="term"><code class="option">log-calls:</code></span></p></td>
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/meson.build
Changed
@@ -60,7 +60,10 @@ 'annotation-glossary.xml' - glib_prefix = dependency('glib-2.0').get_pkgconfig_variable('prefix') + glib_prefix = get_option('glib_prefix') + if glib_prefix == '' + glib_prefix = dependency('glib-2.0').get_pkgconfig_variable('prefix') + endif fixxref_args = '--html-dir=' + (prefix / gnome.gtkdoc_html_dir(meson.project_name())), '--extra-dir=' + (glib_prefix / gnome.gtkdoc_html_dir('glib')), @@ -70,7 +73,7 @@ main_xml: 'p11-kit-docs.xml', namespace: 'p11_kit', src_dir: 'p11-kit', - dependencies: libffi_deps + dlopen_deps + xml_deps, + dependencies: libffi_deps + dlopen_deps, scan_args: '--ignore-headers=' + ' '.join(ignore_headers), '--rebuild-types',
_service:tar_scm:p11-kit-0.24.0.tar.xz/doc/manual/pkcs11.conf.xml -> _service:tar_scm:p11-kit-0.24.1.tar.xz/doc/manual/pkcs11.conf.xml
Changed
@@ -174,7 +174,7 @@ <term><option>trust-policy:</option></term> <listitem> <para>Set to <literal>yes</literal> to use use this module as a source - of trust policy information such as certificate anchors and black lists.</para> + of trust policy information such as certificate anchors and blocklists.</para> </listitem> </varlistentry> <varlistentry id="option-log-calls">
_service:tar_scm:p11-kit-0.24.0.tar.xz/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/meson.build
Changed
@@ -1,5 +1,5 @@ project('p11-kit', 'c', - version: '0.24.0', + version: '0.24.1', meson_version: '>= 0.49') version_arr = meson.project_version().split('.') @@ -89,6 +89,16 @@ conf.set('SIZEOF_UNSIGNED_LONG', cc.sizeof('unsigned long')) +rpc_min = get_option('rpc_min') +rpc_max = get_option('rpc_max') + +if rpc_min > rpc_max + error('rpc_min is larger than rpc_max') +endif + +conf.set('P11_RPC_PROTOCOL_VERSION_MINIMUM', rpc_min) +conf.set('P11_RPC_PROTOCOL_VERSION_MAXIMUM', rpc_max) + nanosleep_deps = dlopen_deps = socket_deps =
_service:tar_scm:p11-kit-0.24.0.tar.xz/meson_options.txt -> _service:tar_scm:p11-kit-0.24.1.tar.xz/meson_options.txt
Changed
@@ -54,6 +54,10 @@ value : false, description : 'Build documentation using gtk-doc') +option('glib_prefix', type : 'string', + value : '', + description : 'GLib installed prefix, used for gtk-doc, taken from pkg-config if undefined') + option('man', type : 'boolean', value : false, description : 'Build manpages using xsltproc') @@ -65,3 +69,11 @@ option('test', type : 'boolean', value : true, description : 'Enable building test programs') + +option('rpc_min', type : 'integer', + min : 0, max : 0, value : 0, + description : 'Minimum RPC protocol version we support') + +option('rpc_max', type : 'integer', + min : 0, max : 0, value : 0, + description : 'Maximum RPC protocol version we support')
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/Makefile.am -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/Makefile.am
Changed
@@ -87,6 +87,7 @@ libp11_kit_la_CFLAGS = $(COMMON_CFLAGS) libp11_kit_la_LDFLAGS = \ + $(LDFLAGS_Z_NODELETE) \ -no-undefined \ -version-info $(P11KIT_LT_RELEASE)
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/meson.build
Changed
@@ -57,6 +57,12 @@ ) libp11_kit_symbol_def = meson.current_source_dir() / 'libp11-kit-@0@.dll.def'.format(soversion) +# Make sure that libp11-kit is unloadable, as it installs +# pthread_atfork to count forks in the ELF constructor. +libp11_kit_ldflags += cc.get_supported_link_arguments( + '-Wl,-z,nodelete' +) + libp11_kit = shared_library('p11-kit', libp11_kit_sources, install: true, @@ -307,7 +313,7 @@ 'p11_module_configs=@0@'.format(prefix / p11_package_config_modules), 'p11_module_path=@0@'.format(prefix / p11_module_path), 'proxy_module=@0@/p11-kit-proxy.so'.format(prefix / libdir), - 'p11_system_config_modules=@0@'.format(prefix / p11_package_config_modules) + 'p11_system_config_modules=@0@'.format(prefix / p11_system_config_modules) if trust_paths != ''
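Review bot: The new comment "Make sure that libp11-kit is unloadable" reads as the opposite of what `-Wl,-z,nodelete` does; the flag keeps the library from being unloaded once loaded. Reword it to "cannot be unloaded" so it matches the configure.ac comment. Since `cc.get_supported_link_arguments` returns an empty list when the linker rejects the flag, a `message()` or `warning()` in that case would make it visible that the atfork crash is not mitigated on that toolchain.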
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc-client.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc-client.c
Changed
@@ -66,6 +66,7 @@ p11_rpc_client_vtable *vtable; unsigned int initialized_forkid; bool initialize_done; + uint8_t version; } rpc_client; /* Allocator for call session buffers */ @@ -755,10 +756,33 @@ assert (module->vtable->connect != NULL); ret = (module->vtable->connect) (module->vtable, reserved); + if (ret == CKR_OK) { + module->version = P11_RPC_PROTOCOL_VERSION_MAXIMUM; + ret = (module->vtable->authenticate) (module->vtable, + &module->version); + +#if P11_RPC_PROTOCOL_VERSION_MAXIMUM > 0 + /* If the server is too old to support version negotiation + * (i.e., not accepting version bytes other than 0), try to + * reconnect and reauthenticate with version 0 */ + if (ret != CKR_OK) { + assert (module->vtable->disconnect != NULL); + (module->vtable->disconnect) (module->vtable, reserved); + ret = (module->vtable->connect) (module->vtable, reserved); + + module->version = 0; + ret = (module->vtable->authenticate) (module->vtable, + &module->version); + } +#endif + } + /* Successfully initialized */ if (ret == CKR_OK) { module->initialized_forkid = p11_forkid; module->initialize_done = true; + p11_debug ("authenticated with protocol version %u", + module->version); /* Server doesn't exist, initialize but don't call */ } else if (ret == CKR_DEVICE_REMOVED) {
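Review bot: In the version-0 fallback, the result of the second `connect` call is assigned to `ret` and then overwritten by `authenticate` without being checked, so a failed reconnect goes straight into authentication on a dead transport and its error code is lost. Check `ret == CKR_OK` after reconnecting before calling `authenticate`. The fallback also fires on any authentication failure, not only when the server rejected the version byte, so the downgrade to version 0 is silent; log it with `p11_debug`, and give `module->vtable->authenticate` the same `assert (... != NULL)` that `connect` and `disconnect` have.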
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc-server.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc-server.c
Changed
@@ -70,6 +70,11 @@ #define PARSE_ERROR CKR_DEVICE_ERROR #define PREP_ERROR CKR_DEVICE_MEMORY +typedef struct { + p11_virtual virt; + uint8_t version; +} rpc_server; + static CK_RV proto_read_byte_buffer (p11_rpc_message *msg, CK_BYTE_PTR *buffer, @@ -1957,8 +1962,7 @@ int out_fd) { p11_rpc_status status; - unsigned char version; - p11_virtual virt; + rpc_server server; p11_buffer options; p11_buffer buffer; size_t state; @@ -1970,24 +1974,29 @@ p11_buffer_init (&options, 0); p11_buffer_init (&buffer, 0); - p11_virtual_init (&virt, &p11_virtual_base, module, NULL); + p11_virtual_init (&server.virt, &p11_virtual_base, module, NULL); - switch (read (in_fd, &version, 1)) { + switch (read (in_fd, &server.version, 1)) { case 0: goto out; case 1: - if (version != 0) { +#if P11_RPC_PROTOCOL_VERSION_MINIMUM > 0 + if (server.version < P11_RPC_PROTOCOL_VERSION_MINIMUM) { p11_message (_("unsupported version received: %d"), (int)version); goto out; } +#endif break; default: p11_message_err (errno, _("couldn't read credential byte")); goto out; } - version = 0; - switch (write (out_fd, &version, 1)) { + if (server.version > P11_RPC_PROTOCOL_VERSION_MAXIMUM) { + server.version = P11_RPC_PROTOCOL_VERSION_MAXIMUM; + } + + switch (write (out_fd, &server.version, 1)) { case 1: break; default: @@ -2018,7 +2027,7 @@ goto out; } - if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) { + if (!p11_rpc_server_handle (&server.virt.funcs, &buffer, &buffer)) { p11_message (_("unexpected error handling rpc message")); goto out; } @@ -2046,7 +2055,7 @@ p11_buffer_uninit (&buffer); p11_buffer_uninit (&options); - p11_virtual_uninit (&virt); + p11_virtual_uninit (&server.virt); return ret; }
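Review bot: The unchanged line `p11_message (_("unsupported version received: %d"), (int)version);` still refers to the local `version` that this change removes, and it now sits inside `#if P11_RPC_PROTOCOL_VERSION_MINIMUM > 0`, so the build breaks as soon as the minimum is configured above 0. Change the argument to `(int)server.version`.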
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc-transport.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc-transport.c
Changed
@@ -97,7 +97,6 @@ p11_mutex_t write_lock; int refs; int last_code; - bool sent_creds; /* This data is protected by read mutex */ p11_mutex_t read_lock; @@ -105,7 +104,6 @@ /* Signalled when read_code changes */ p11_cond_t read_code_cond; #endif - bool read_creds; uint32_t read_code; uint32_t read_olen; uint32_t read_dlen; @@ -122,8 +120,6 @@ sock->read_fd = fd; sock->write_fd = fd; sock->last_code = 0x10; - sock->read_creds = false; - sock->sent_creds = false; sock->refs = 1; p11_mutex_init (&sock->write_lock); @@ -259,20 +255,10 @@ p11_buffer *buffer) { unsigned char header12; - unsigned char dummy = '\0'; /* The socket is locked and referenced at this point */ assert (buffer != NULL); - /* Place holder byte, will later carry unix credentials (on some systems) */ - if (!sock->sent_creds) { - if (write_all (sock->write_fd, &dummy, 1) != 1) { - p11_message_err (errno, _("couldn't send socket credentials")); - return CKR_DEVICE_ERROR; - } - sock->sent_creds = true; - } - p11_rpc_buffer_encode_uint32 (header, code); p11_rpc_buffer_encode_uint32 (header + 4, options->len); p11_rpc_buffer_encode_uint32 (header + 8, buffer->len); @@ -401,7 +387,6 @@ { CK_RV ret = CKR_DEVICE_ERROR; unsigned char header12; - unsigned char dummy; #ifdef OS_WIN32 HANDLE handle; DWORD mode; @@ -417,14 +402,6 @@ p11_mutex_lock (&sock->read_lock); - if (!sock->read_creds) { - if (read_all (sock->read_fd, &dummy, 1) != 1) { - p11_mutex_unlock (&sock->read_lock); - return CKR_DEVICE_ERROR; - } - sock->read_creds = true; - } - for (;;) { /* No message header has been read yet? ... read one in */ if (sock->read_code == 0) { 
@@ -643,6 +620,51 @@ } static CK_RV +rpc_transport_authenticate (p11_rpc_client_vtable *vtable, + uint8_t *version) +{ + p11_rpc_transport *rpc = (p11_rpc_transport *)vtable; + rpc_socket *sock; + + assert (rpc != NULL); + assert (version != NULL); + + sock = rpc->socket; + assert (sock != NULL); + + if (sock->read_fd == -1) { + return CKR_DEVICE_ERROR; + } +#ifdef OS_WIN32 + if (sock->write_fd == -1) { + return CKR_DEVICE_ERROR; + } +#endif + + p11_debug ("authenticating with version %u", *version); + + /* Place holder byte, will later carry unix credentials (on some systems) */ + if (write_all (sock->write_fd, version, 1) != 1) { + p11_message_err (errno, _("couldn't send socket credentials")); + return CKR_DEVICE_ERROR; + } + + if (read_all (sock->read_fd, version, 1) != 1) { + p11_message_err (errno, _("couldn't receive socket credentials")); + return CKR_DEVICE_ERROR; + } + +#if P11_RPC_PROTOCOL_VERSION_MINIMUM > 0 + if (*version < P11_RPC_PROTOCOL_VERSION_MINIMUM) { + p11_message_err (errno, _("peer protocol version is too old")); + return CKR_DEVICE_ERROR; + } +#endif + + return CKR_OK; +} + +static CK_RV rpc_transport_buffer (p11_rpc_client_vtable *vtable, p11_buffer *request, p11_buffer *response) @@ -1066,6 +1088,7 @@ rex->base.vtable.connect = rpc_exec_connect; rex->base.vtable.disconnect = rpc_exec_disconnect; + rex->base.vtable.authenticate = rpc_transport_authenticate; rex->base.vtable.transport = rpc_transport_buffer; rpc_transport_init (&rex->base, name, rpc_exec_free); @@ -1142,6 +1165,7 @@ run->base.vtable.connect = rpc_unix_connect; run->base.vtable.disconnect = rpc_unix_disconnect; + run->base.vtable.authenticate = rpc_transport_authenticate; run->base.vtable.transport = rpc_transport_buffer; rpc_transport_init (&run->base, name, rpc_unix_free); 
@@ -1224,6 +1248,7 @@ run->base.vtable.connect = rpc_vsock_connect; run->base.vtable.disconnect = rpc_vsock_disconnect; + run->base.vtable.authenticate = rpc_transport_authenticate; run->base.vtable.transport = rpc_transport_buffer; rpc_transport_init (&run->base, name, rpc_vsock_free);
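Review bot: In `rpc_transport_authenticate`, the byte read back from the peer replaces `*version` and is checked only against `P11_RPC_PROTOCOL_VERSION_MINIMUM`; nothing rejects a reply higher than the version the client offered, so a misbehaving peer can make the client record a protocol version it never proposed. Save the offered value before `write_all` and return `CKR_DEVICE_ERROR` if the reply exceeds it. The too-old branch calls `p11_message_err (errno, ...)` although no system call has failed at that point, so the logged errno is stale; `p11_message` fits better there. The comment "Place holder byte, will later carry unix credentials" above the write is out of date now that the byte carries the protocol version.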
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/rpc.h -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/rpc.h
Changed
@@ -39,6 +39,7 @@ #include "pkcs11.h" #include "buffer.h" #include "virtual.h" +#include <stdint.h> typedef struct _p11_rpc_client_vtable p11_rpc_client_vtable; @@ -48,6 +49,9 @@ CK_RV (* connect) (p11_rpc_client_vtable *vtable, void *init_reserved); + CK_RV (* authenticate) (p11_rpc_client_vtable *vtable, + uint8_t *version); + CK_RV (* transport) (p11_rpc_client_vtable *vtable, p11_buffer *request, p11_buffer *response);
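Review bot: The new `authenticate` member in the second hunk is declared without any comment on its contract, even though the callers in this patch use `uint8_t *version` as both input (the version offered) and output (the version the peer answered with). Document that in the struct, including what an implementation must return when the peer rejects the offered version. Because the member is inserted between `connect` and `transport`, every positional initializer of `p11_rpc_client_vtable` has to change in the same commit; designated initializers would make that less fragile.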
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/test-rpc.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/test-rpc.c
Changed
@@ -709,6 +709,16 @@ } static CK_RV +rpc_authenticate (p11_rpc_client_vtable *vtable, + uint8_t *version) +{ + assert_str_eq (vtable->data, "vtable-data"); + assert_ptr_not_null (version); + + return CKR_OK; +} + +static CK_RV rpc_initialize_fails (p11_rpc_client_vtable *vtable, void *init_reserved) { @@ -754,7 +764,7 @@ static void test_initialize (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -780,7 +790,7 @@ static void test_not_initialized (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; CK_INFO info; bool ret; @@ -802,7 +812,7 @@ static void test_initialize_fails_on_client (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -832,7 +842,7 @@ static void test_transport_fails (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_fails, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -854,7 +864,7 @@ static void test_initialize_fails_on_server (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; 
@@ -894,7 +904,7 @@ static void test_transport_bad_parse (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_bad_parse, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -942,7 +952,7 @@ static void test_transport_short_error (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_short_error, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -989,7 +999,7 @@ static void test_transport_invalid_error (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_invalid_error, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -1034,7 +1044,7 @@ static void test_transport_wrong_response (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_wrong_response, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -1081,7 +1091,7 @@ static void test_transport_bad_contents (void) { - p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize }; + p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_authenticate, rpc_transport_bad_contents, rpc_finalize }; p11_virtual mixin; bool ret; CK_RV rv; @@ -1105,6 +1115,7 @@ static p11_rpc_client_vtable test_normal_vtable = { NULL, rpc_initialize, + rpc_authenticate, rpc_transport, rpc_finalize, }; 
@@ -1112,6 +1123,7 @@ static p11_rpc_client_vtable test_device_removed_vtable = { NULL, rpc_initialize_device_removed, + rpc_authenticate, rpc_transport, rpc_finalize, };
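Review bot: The `rpc_authenticate` stub added in the first hunk returns `CKR_OK` without reading or writing `*version`, and every vtable in the file uses it, so neither the reconnect-and-retry with version 0 in rpc-client.c nor a failing handshake is exercised by these tests. Add a case whose `authenticate` fails on the first call and succeeds on the second with `*version == 0`, and one that fails both times, asserting the `CK_RV` that initialization returns in each case.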
_service:tar_scm:p11-kit-0.24.0.tar.xz/p11-kit/test-server.sh -> _service:tar_scm:p11-kit-0.24.1.tar.xz/p11-kit/test-server.sh
Changed
@@ -36,7 +36,7 @@ . ./start.env -if test "${P11_KIT_SERVER_ADDRESS+set}" = "set" -a "${P11_KIT_SERVER_PID+set}" = "set"; then +if test "${P11_KIT_SERVER_ADDRESS+set}" = "set" && test "${P11_KIT_SERVER_PID+set}" = "set"; then echo "ok 2 /server/start-env" else echo "not ok 2 /server/start-env" @@ -54,7 +54,7 @@ . ./stop.env -if test "${P11_KIT_SERVER_ADDRESS-unset}" = "unset" -a "${P11_KIT_SERVER_PID-unset}" = "unset"; then +if test "${P11_KIT_SERVER_ADDRESS-unset}" = "unset" && test "${P11_KIT_SERVER_PID-unset}" = "unset"; then echo "ok 4 /server/stop-env" else echo "not ok 4 /server/stop-env"
_service:tar_scm:p11-kit-0.24.0.tar.xz/po/p11-kit.pot -> _service:tar_scm:p11-kit-0.24.1.tar.xz/po/p11-kit.pot
Changed
@@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: p11-kit 0.24.0\n" +"Project-Id-Version: p11-kit 0.24.1\n" "Report-Msgid-Bugs-To: https://github.com/p11-glue/p11-kit/issues\n" -"POT-Creation-Date: 2021-06-03 16:52+0200\n" +"POT-Creation-Date: 2022-01-17 15:47+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -16,6 +16,7 @@ "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" #: common/tool.c:184 #, c-format @@ -538,43 +539,43 @@ msgid "only one module can be specified" msgstr "" -#: p11-kit/rpc-client.c:145 +#: p11-kit/rpc-client.c:146 msgid "invalid rpc error response: too short" msgstr "" -#: p11-kit/rpc-client.c:150 +#: p11-kit/rpc-client.c:151 msgid "invalid rpc error response: bad error code" msgstr "" -#: p11-kit/rpc-client.c:160 +#: p11-kit/rpc-client.c:161 msgid "invalid rpc response: call mismatch" msgstr "" -#: p11-kit/rpc-client.c:181 +#: p11-kit/rpc-client.c:182 msgid "invalid rpc response: bad argument data" msgstr "" -#: p11-kit/rpc-client.c:228 +#: p11-kit/rpc-client.c:229 msgid "received an attribute array with wrong number of attributes" msgstr "" -#: p11-kit/rpc-client.c:255 +#: p11-kit/rpc-client.c:256 msgid "returned attributes in invalid order" msgstr "" -#: p11-kit/rpc-client.c:726 trust/module.c:382 +#: p11-kit/rpc-client.c:727 trust/module.c:382 msgid "invalid set of mutex calls supplied" msgstr "" -#: p11-kit/rpc-client.c:735 trust/module.c:391 +#: p11-kit/rpc-client.c:736 trust/module.c:391 msgid "can't do without os locking" msgstr "" -#: p11-kit/rpc-client.c:748 +#: p11-kit/rpc-client.c:749 msgid "C_Initialize called twice for same process" msgstr "" -#: p11-kit/rpc-client.c:832 +#: p11-kit/rpc-client.c:856 #, c-format msgid "finalizing rpc module returned an error: %lu" msgstr "" 
@@ -601,176 +602,184 @@ msgid "invalid length space padded string received: %d != %d" msgstr "" -#: p11-kit/rpc-server.c:564 +#: p11-kit/rpc-server.c:569 msgid "invalid request from module, probably too short" msgstr "" -#: p11-kit/rpc-server.c:574 +#: p11-kit/rpc-server.c:579 msgid "couldn't initialize rpc response" msgstr "" -#: p11-kit/rpc-server.c:706 +#: p11-kit/rpc-server.c:711 msgid "invalid handshake received from connecting module" msgstr "" -#: p11-kit/rpc-server.c:1823 +#: p11-kit/rpc-server.c:1828 msgid "couldn't parse pkcs11 rpc message" msgstr "" -#: p11-kit/rpc-server.c:1910 +#: p11-kit/rpc-server.c:1915 msgid "out of memory error putting together message" msgstr "" -#: p11-kit/rpc-server.c:1934 +#: p11-kit/rpc-server.c:1939 msgid "out of memory responding with error" msgstr "" -#: p11-kit/rpc-server.c:1980 +#: p11-kit/rpc-server.c:1985 #, c-format msgid "unsupported version received: %d" msgstr "" -#: p11-kit/rpc-server.c:1985 +#: p11-kit/rpc-server.c:1991 msgid "couldn't read credential byte" msgstr "" -#: p11-kit/rpc-server.c:1994 +#: p11-kit/rpc-server.c:2003 msgid "couldn't write credential byte" msgstr "" -#: p11-kit/rpc-server.c:2017 +#: p11-kit/rpc-server.c:2026 msgid "failed to read rpc message" msgstr "" -#: p11-kit/rpc-server.c:2022 +#: p11-kit/rpc-server.c:2031 msgid "unexpected error handling rpc message" msgstr "" -#: p11-kit/rpc-server.c:2040 +#: p11-kit/rpc-server.c:2049 msgid "failed to write rpc message" msgstr "" -#: p11-kit/rpc-transport.c:212 +#: p11-kit/rpc-transport.c:208 msgid "couldn't send data: closed connection" msgstr "" -#: p11-kit/rpc-transport.c:215 +#: p11-kit/rpc-transport.c:211 msgid "couldn't send data" msgstr "" -#: p11-kit/rpc-transport.c:238 +#: p11-kit/rpc-transport.c:234 msgid "couldn't receive data: closed connection" msgstr "" -#: p11-kit/rpc-transport.c:242 +#: p11-kit/rpc-transport.c:238 msgid "couldn't receive data" msgstr "" -#: p11-kit/rpc-transport.c:270 +#: p11-kit/rpc-transport.c:416 +msgid "received 
invalid rpc header values: perhaps wrong protocol" +msgstr "" + +#: p11-kit/rpc-transport.c:459 +msgid "couldn't use select to wait on rpc pipe" +msgstr "" + +#: p11-kit/rpc-transport.c:648 msgid "couldn't send socket credentials" msgstr "" -#: p11-kit/rpc-transport.c:439 -msgid "received invalid rpc header values: perhaps wrong protocol" +#: p11-kit/rpc-transport.c:653 +msgid "couldn't receive socket credentials" msgstr "" -#: p11-kit/rpc-transport.c:482 -msgid "couldn't use select to wait on rpc pipe" +#: p11-kit/rpc-transport.c:659 +msgid "peer protocol version is too old" msgstr "" -#: p11-kit/rpc-transport.c:688 p11-kit/rpc-transport.c:694 +#: p11-kit/rpc-transport.c:710 p11-kit/rpc-transport.c:716 msgid "closing socket due to protocol failure" msgstr "" -#: p11-kit/rpc-transport.c:733 +#: p11-kit/rpc-transport.c:755 #, c-format msgid "process %d did not exit, terminating" msgstr "" -#: p11-kit/rpc-transport.c:740 +#: p11-kit/rpc-transport.c:762 #, c-format msgid "failed to wait for executed child: %d" msgstr ""
_service:tar_scm:p11-kit-0.24.0.tar.xz/trust/anchor.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/trust/anchor.c
Changed
@@ -60,6 +60,7 @@ #define _(x) dgettext(PACKAGE_NAME, x) #else #define _(x) (x) +#define dngettext(Domain,String1,String2,N) ((N) == 1 ? (String1) : (String2)) #endif static p11_parser * @@ -697,10 +698,11 @@ assert_not_reached (); if (errors > 0) { - if (errors == 1) - p11_message (_("%u error while processing"), errors); - else - p11_message (_("%u errors while processing"), errors); + p11_message (dngettext (PACKAGE_NAME, + "%u error while processing", + "%u errors while processing", + errors), + errors); } /* Extract the compat bundles after modification */
_service:tar_scm:p11-kit-0.24.0.tar.xz/trust/builder.c -> _service:tar_scm:p11-kit-0.24.1.tar.xz/trust/builder.c
Changed
@@ -62,6 +62,8 @@ #define _(x) (x) #endif +#define ELEMS(x) (sizeof (x) / sizeof (x0)) + struct _p11_builder { p11_asn1_cache *asn1_cache; p11_dict *asn1_defs; @@ -1099,7 +1101,8 @@ continue; found = false; - for (j = 0; schema->attrsj.type != CKA_INVALID; j++) { + for (j = 0; j < ELEMS(schema->attrs) && + schema->attrsj.type != CKA_INVALID; j++) { if (schema->attrsj.type != mergei.type) continue; @@ -1132,7 +1135,8 @@ } if (attrs == NULL) { - for (j = 0; schema->attrsj.type != CKA_INVALID; j++) { + for (j = 0; j < ELEMS(schema->attrs) && + schema->attrsj.type != CKA_INVALID; j++) { flags = schema->attrsj.flags; found = false; @@ -1297,7 +1301,8 @@ free (data); } - for (i = 0; ku_attribute_mapi.type != CKA_INVALID; i++) { + for (i = 0; i < ELEMS(ku_attribute_map) && + ku_attribute_mapi.type != CKA_INVALID; i++) { attrsi.type = ku_attribute_mapi.type; if (data && (ku & ku_attribute_mapi.ku) == ku_attribute_mapi.ku) { attrsi.pValue = &present; @@ -1381,7 +1386,8 @@ /* The value set if a purpose is explicitly rejected */ disallow = CKT_NSS_NOT_TRUSTED; - for (i = 0; eku_attribute_mapi.type != CKA_INVALID; i++) { + for (i = 0; i < ELEMS(eku_attribute_map) && + eku_attribute_mapi.type != CKA_INVALID; i++) { attrsi.type = eku_attribute_mapi.type; if (dict_rej && p11_dict_get (dict_rej, eku_attribute_mapi.oid)) { attrsi.pValue = &disallow;
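Review bot: The `ELEMS(...)` bound added to the four loops is correct only when its argument is a true array; the declarations of `schema->attrs`, `ku_attribute_map` and `eku_attribute_map` are not part of this diff, and if any of them is a pointer the `sizeof` division yields a small constant and the loop stops early without any diagnostic. Confirm each is a fixed-size array at the point of use and add a comment on the macro saying it must not be applied to pointers. With that confirmed, the extra `j < ELEMS(...)` condition is a reasonable guard against a table that is missing its `CKA_INVALID` terminator.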
_service:tar_scm:p11-kit-0.24.0.tar.xz/trust/meson.build -> _service:tar_scm:p11-kit-0.24.1.tar.xz/trust/meson.build
Changed
@@ -172,7 +172,7 @@ dependencies: asn_h_dep, libp11_kit_dep, libp11_library_dep, - libp11_test_dep + libffi_deps + dlopen_deps, + libp11_test_dep + libtasn1_deps + libffi_deps + dlopen_deps, link_with: libtrust_testable, libtrust_data, libtrust_test) endforeach endif